Accessing Instance Metadata

Google Cloud Platform provides a metadata server that knows details about your
App Engine instance, such as its containing project ID, service accounts, and
tokens used by the service accounts. You can access this data using simple HTTP
requests: no client libraries are required.

This page shows how to access instance metadata from your deployed Java 8
runtime application by making HTTP calls to the appropriate metadata server
endpoints.

Note: Metadata access is currently read-only: you cannot write your own metadata
for an instance.

One useful way to use this API is to get the service account token and
supply it as a bearer token in the Authorization header of a request to one of
the Google Cloud APIs, to authenticate your application to that particular API
service. See the Google Cloud Translation API documentation for an example of
how these bearer tokens are used.

Identifying which metadata endpoint to use

The following table lists the endpoints you can make HTTP requests to. All of
the endpoints shown are relative to the URL http://metadata.google.internal.

| Metadata endpoint | Description |
| --- | --- |
| /computeMetadata/v1/project/numeric-project-id | The project number assigned to your project. |
| /computeMetadata/v1/project/project-id | The project ID assigned to your project. |
| /computeMetadata/v1/instance/zone | The zone the instance is running in. |
| /computeMetadata/v1/instance/service-accounts/default/aliases | |
| /computeMetadata/v1/instance/service-accounts/default/email | The default service account email assigned to your project. |
| /computeMetadata/v1/instance/service-accounts/default/ | Lists all the default service accounts for your project. |
| /computeMetadata/v1/instance/service-accounts/default/scopes | Lists all the supported scopes for the default service accounts. |
| /computeMetadata/v1/instance/service-accounts/default/token | Returns the auth token that can be used to authenticate your application to other Google Cloud APIs. |

Making metadata requests

The following sample code gets all of the metadata available for the instance
and displays it, except for the service account token.

In the sample code, notice the check to make sure the app is running in
production. If the app is running locally, no metadata will be returned from
the requests.

Also, notice the use of the Google Gson JSON serializer / deserializer, the
OkHttp HTTP and HTTP2 client, and the Thymeleaf templating system. These are
not required, but they are useful libraries for your own projects.

Running locally

The metadata server is available for deployed applications: running locally
on the development server is not supported. You can add an environment check to
your code to expect metadata results only if the app is running in production,
as shown in the sample code provided above:

String environment =
    (String) System.getProperties().get("com.google.appengine.runtime.environment");
ctx.setVariable("production", environment);
// The metadata server is only on a production system.
// Constant-first comparison avoids a NullPointerException if the property is unset.
if ("Production".equals(environment)) {
  ... // show metadata results
}
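
The following is an added example, not part of the original page or Google's sample code: a Java 8 reader that combines the production check from "Running locally" with the requests described in "Making metadata requests", restricted to the non-secret endpoints from the table. The class name MetadataReader, the allowlist, the timeouts and the Metadata-Flavor header handling are assumptions that do not appear on this page.

```java
import java.io.*;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.stream.Collectors;

public class MetadataReader { // hypothetical class name
  private static final String BASE = "http://metadata.google.internal";
  // Fixed allowlist of non-secret endpoints from the table; the token endpoint is
  // deliberately excluded so it can never be fetched or displayed through this class.
  private static final List<String> ALLOWED = Arrays.asList(
      "/computeMetadata/v1/project/numeric-project-id",
      "/computeMetadata/v1/project/project-id",
      "/computeMetadata/v1/instance/zone",
      "/computeMetadata/v1/instance/service-accounts/default/email",
      "/computeMetadata/v1/instance/service-accounts/default/scopes");

  static boolean isProduction() {
    // Null-safe: the property is absent outside the App Engine runtime.
    return "Production".equals(System.getProperty("com.google.appengine.runtime.environment"));
  }

  static String fetch(String path) throws IOException {
    // Never build the metadata URL from caller-controlled input.
    if (!ALLOWED.contains(path)) throw new IllegalArgumentException("not allowlisted: " + path);
    HttpURLConnection conn = (HttpURLConnection) new URL(BASE + path).openConnection();
    conn.setRequestProperty("Metadata-Flavor", "Google"); // required by the v1 endpoints
    conn.setInstanceFollowRedirects(false);
    conn.setConnectTimeout(2000);
    conn.setReadTimeout(2000);
    try {
      // Accept only a 200 reply that identifies itself as the metadata server.
      if (conn.getResponseCode() != 200 || !"Google".equals(conn.getHeaderField("Metadata-Flavor")))
        throw new IOException("unexpected metadata response for " + path);
      try (BufferedReader r = new BufferedReader(
          new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
        return r.lines().collect(Collectors.joining("\n"));
      }
    } finally {
      conn.disconnect();
    }
  }

  static Map<String, String> readAll() throws IOException {
    Map<String, String> out = new LinkedHashMap<>();
    if (!isProduction()) return out; // no metadata server on the development server
    for (String path : ALLOWED) out.put(path, fetch(path));
    return out;
  }
}
```

If a handler does need the token endpoint, keep the returned value out of logs and rendered pages and pass it only in the Authorization header of the outgoing API request.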